Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9
Hi Rob,
On Thu, Jan 05, 2017 at 08:11:21PM +0000, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
>
> On Sat, 2016-10-22 at 14:11 -0500, Rob Browning wrote:
> > "Adam D. Barratt" <adam@adam-barratt.org.uk> writes:
> >
> > > Control: tags -1 + moreinfo
> > > Control: severity -1 normal
> > >
> > > On Sat, 2016-10-22 at 13:10 -0500, Rob Browning wrote:
> > >> I'd like to propose an update for jessie as described by the attached
> > >> debdiff. Though the final upload/diff might be slightly different
> > >> (i.e. the dpm hashes).
> > >>
> > >> Both of the changes (patches) have been cherry-picked from upstream as
> > >> described in the patch headers.
> > >
> > > The security tracker indicates that both issues - CVE-2016-8605 and
> > > CVE-2016-8606 - still affect the guile-2.0 packages in unstable. Is that
> > > correct? If so then that would be a prerequisite to applying the fixes
> > > in stable.
> >
> > Hmm, well I'm also preparing 2.0.13+1-1 packages for unstable that include
> > (upstream) both fixes. Should I upload those first?
>
> That happened in the meantime, so please feel free to go ahead with the
> upload to stable.
Any news on that upload?
Regards,
Salvatore
Reply to: